CVE-2022-50492

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/msm: fix use-after-free on probe deferral

The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on the next tear down (e.g. after a second late bind deferral).

Given enough bridges and a few probe deferrals this could currently also lead to data beyond the bridge array being corrupted.

Patchwork: https://patchwork.freedesktop.org/patch/502665/

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa3376e3ec81c5dd0622cbc187db76d2824d31c1c < 0a30a47741b6df1f9555a0fac6aebb7e8c363badaffected
LinuxLinuxa3376e3ec81c5dd0622cbc187db76d2824d31c1c < 6808abdb33bf90330e70a687d29f038507e06ebbaffected
LinuxLinux3.12affected
LinuxLinux0 < 3.12unaffected
LinuxLinux6.0.7 <= 6.0.*unaffected
LinuxLinux6.1 <= *unaffected

Weaknesses

References